Could hacking have been behind the crash of a China Eastern 737 NG in a mountainous area of southern China?
China Eastern 737 NG Crash – Was Hacking Plausible Or Impossible?
Yesterday, Kyle laid out a number of viable theories concerning the crash of China Eastern Flight 5735 on March 21, 2022, a Boeing 737-800 NG operating from Kunming (KMG) to Guangzhou (CAN). He left out a couple, one of which I would like to focus on in particular today: hacking.
First, however, I think it merits mentioning that cracks were discovered in 2019 on the “pickle fork” of a number of Boeing 737 NG aircraft, first on Qantas and later on others including Southwest Airlines. The pickle fork is the component connecting the wing structure, landing gear, and fuselage. The 737 NG includes four pickle forks: two bracket the rear attachment frame and two bracket the front attachment frame.
At the time, Boeing said inspections revealed “only” about 5% of NG aircraft required repair and that, because of redundant safety features, this was not a critical concern. Even so, it was concerning that these cracks appeared quite prematurely: this included some aircraft with fewer than 22,000 cycles. It is still debated whether this is an inherent design flaw or a result of improper installation of faulty aluminum alloy.
Concerning China Eastern, the idea that a structural issue accelerated the collapse is at least a possibility worth considering: it would not be unprecedented.
But the more interesting theory to me is whether the aircraft was hacked. The Aviation Herald is a great resource for av geeks to really dive deep into issues like crashes, and the comments typically represent a fascinating mix of theories from aviation insiders.
Its report on the China Eastern crash includes a number of comments on the possibility that hacking was at play.
For instance, one commenter speculates whether it is possible to breach aircraft systems via bluetooth:
I was asked by a colleague to address the hacking potential.
Simply put, it’s vast. Remote management of the aircraft is viable using a cell phone. It’d be hard to do more than crash. But crashing a plane would be easy.
The displays are linux computers with an old version of opengl (10+ years old). They are networked to the data computers, also older linux. The displays had bluetooth, which is inherently hackable. No effort was made to prevent hacking since it’s not an explicit certification requirement.
Hacking a bluetooth enabled device that does not have a firewall or any real protections is trivial. From displays to data computers is another trivial step since there are no protections.
Once hacked, computers can be made to do anything with or without indication to the crew. It could easily be made impossible for the crew to regain control or even determine they were losing it.
This person later added:
To be clear: I did a PSSA [preliminary system safety assessment] for the DCU … the data computer that runs the pitots and sends flight info to the displays. No bluetooth there that I was notified of, however, they did not share entirely complete schematics. A broader topic also clear in my email below.
I don’t have many details I can share. I am not joking about my role, and well this is serious. I am responding bc I care.
First why: bc they got cheap cards from a video game supplier. they had atom cpu’s and tons of ram. The bluetooth chip on the board didn’t cost extra. My tiny military product employer hacked it together for Boeing. It’s hard to imagine, but it is pure garbage.
I didn’t assess the displays. But I was involved with discussions about their design. And the question came up about if the bluetooth chip on the card could be used for dataloading in the cockpit. They have usb as well. In the two cases, I said they have to cut the circuit since such chips on the motherboard are an unmitigated safety risk. Never heard back.
Others dismissed these comments as idiotic and unfounded. That may well be the case: we have not seen a case in which an outside force has remotely taken control of a cockpit. Still, the great mystery of this crash is that the plane seemed to level off and regain control between 8,000 – 9,000 feet before losing control once again and then crashing.
The cause of the China Eastern 737-800 NG crash remains a mystery. Black box data has been recovered and Chinese authorities are investigating. Hopefully a transparent investigation will occur with a clear explanation of how the aircraft rapidly descended, briefly regained control, and then lost control again. In a world in which so much can be and is hacked, it at least merits having a conversation on whether hacking could have been possible in this instance.
image: Aero Icarus